search

code-423n4 / 2023-07-amphora-findings

3 stars 2 forks source link

whitelist voting logic error #343

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-amphora/blob/daae020331404647c661ab534d20093c875483e1/core/solidity/contracts/governance/GovernorCharlie.sol#L469-L473

Vulnerability details

Impact

In governor protocol look at the proposal's votes and decide is it defeated or succeed after proposal.endBlock. If nonWhitelisted user's proposal's forVote>AgainstVote and forVotes>Quorum then proposal's state will be succeed. Protocol gives extra credit to whitelisters and just needed to againstVoteagainstVote>quorum happens, then Whitelisted' proposal will be defetad even though it shouldn't. (Because in forVote>againstVote>quorum situation nonwhitelister proposal will be succeed.

Proof of Concept

Tools Used

Manuel review

Recommended Mitigation Steps

Instead of this (_whitelisted && _proposal.againstVotes > _proposal.quorumVotes) in line 470 @ GovernorCharlie.sol add this: (_whitelisted && _proposal.againstVotes > _proposal.quorumVotes &&_proposal.againstVotes>=_proposal.forVotes)

Assessed type

Invalid Validation

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #212

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Invalid